Installing the signed kernel modules for UEFI secure boot on x86_64

Starting with 5.1.9.0, IBM Storage Scale supports the UEFI secure boot feature on x86_64. For IBM Storage Scale, using the UEFI secure boot means that the kernel modules are cryptographically signed by IBM so that their integrity can be verified when the system starts.

Follow the next steps to install the signed kernel modules for IBM Storage Scale on x86_64.

  1. Verify that the secure boot is enabled on the system by using the next command: 
    $ sudo mokutil --sb-state
SecureBoot enabled
  2. Check that the validation is enabled by issuing the following command: 
    $ sudo mokutil --enable-validation
  3. Download from Fix Central the RPM package that holds the signed kernel modules. The public key is either part of the self-extracting package or it is included as part of the signed kernel stand-alone package.
  4. Import the public key with this command: 
    * mokutil --import <pub-key-file>

    For more information, see Enrolling public key on target system by adding the public key to the MOK list in Red Hat documentation.

  5. Check that the key import was successful by issuing the command: 
    $ keyctl list <keyring>
  6. Install the gpfs.gplbin RPM.